bug: ssl upgrade display :"Invalid date"

Open stevenlee87 opened this issue 2 years ago • 12 comments

Current Behavior

When I perform the Python script:

#!/usr/bin/python3
# coding: utf-8
# save this file as test-ssl.py
import sys
# sudo pip install requests
import requests

if len(sys.argv) <= 3:
    print("bad argument")
    sys.exit(1)
with open(sys.argv[1]) as f:
    cert = f.read()
with open(sys.argv[2]) as f:
    key = f.read()
sni = sys.argv[3]
api_key = "edd1c9f034335f136f87ad84b625c8f1"
resp = requests.put("http://127.0.0.1:9080/apisix/admin/ssl/10", json={
    "cert": cert,
    "key": key,
    "snis": [sni],
}, headers={
    "X-API-KEY": api_key,
})
print(resp.status_code)
print(resp.text)

./test-ssl.py t.crt t.key imepisode.top
output:
201
{"node":{"key":"/apisix/ssl/10","value":{"cert":"-----BEGIN CERTIFICATE----- 。。。。

Expected Behavior

The certificate displays the normal expiration time

bug2

Error Logs

bug1

Steps to Reproduce

When I perform the Python script:

#!/usr/bin/python3
# coding: utf-8
# save this file as test-ssl.py
import sys
# sudo pip install requests
import requests

if len(sys.argv) <= 3:
    print("bad argument")
    sys.exit(1)
with open(sys.argv[1]) as f:
    cert = f.read()
with open(sys.argv[2]) as f:
    key = f.read()
sni = sys.argv[3]
api_key = "edd1c9f034335f136f87ad84b625c8f1"
resp = requests.put("http://127.0.0.1:9080/apisix/admin/ssl/10", json={
    "cert": cert,
    "key": key,
    "snis": [sni],
}, headers={
    "X-API-KEY": api_key,
})
print(resp.status_code)
print(resp.text)

./test-ssl.py t.crt t.key imepisode.top
output:
201
{"node":{"key":"/apisix/ssl/10","value":{"cert":"-----BEGIN CERTIFICATE----- 。。。。

Environment

docker images
REPOSITORY                          TAG             IMAGE ID       CREATED         SIZE
docker.io/apache/apisix             2.14.0-alpine   725ef9bd333b   2 days ago      148 MB
docker.io/apache/apisix-dashboard   2.10.1-alpine   d62bd8aeb867   2 months ago    109 MB
docker.io/bitnami/etcd              3.4.15          8c7e00e786b8   12 months ago   132 MB
docker.io/prom/prometheus           v2.25.0         a618f5685492   15 months ago   175 MB
docker.io/grafana/grafana           7.3.7           13afb861111c   16 months ago   187 MB
docker.io/nginx                     1.19.0-alpine   7d0cdcc60a96   24 months ago   21.3 MB

stevenlee87 avatar Jun 15 '22 09:06 stevenlee87

@stevenlee87 What's the problem? Your script does print the response, but why do you expect no response?

tokers avatar Jun 16 '22 01:06 tokers

The certificate displays the normal expiration time

Sorry! I didn't write it clearly.

Expected Behavior: The certificate displays the normal expiration time. (I have modified the above problem.)

stevenlee87 avatar Jun 16 '22 03:06 stevenlee87

I think we should move this issue to apisix-dashboard

jwrookie avatar Jun 16 '22 03:06 jwrookie

I tried to update the test environment to the latest version:

REPOSITORY                            TAG             IMAGE ID       CREATED         SIZE
apache/apisix-dashboard               2.13-alpine     712ac4ecc93e   13 days ago     109 MB
docker.io/apache/apisix-dashboard     2.13-alpine     712ac4ecc93e   13 days ago     109 MB
docker.io/apache/apisix               2.14.1-alpine   382ae3df093d   2 weeks ago     148 MB
docker.io/apache/apisix               2.14.0-alpine   725ef9bd333b   3 weeks ago     148 MB
docker.io/apache/apisix-dashboard     2.10.1-alpine   d62bd8aeb867   2 months ago    109 MB
docker.io/bitnami/etcd                3.4.15          8c7e00e786b8   13 months ago   132 MB
docker.io/prom/prometheus             v2.25.0         a618f5685492   16 months ago   175 MB
docker.io/grafana/grafana             7.3.7           13afb861111c   17 months ago   187 MB
docker.io/goodsmileduck/redis-cli     latest          0ed5b1e16de5   2 years ago     52.6 MB
docker.io/nginx                       1.19.0-alpine   7d0cdcc60a96   2 years ago     21.3 MB

The problem remains: bug3

stevenlee87 avatar Jun 16 '22 08:06 stevenlee87

Can you check the details of the request in the browser Network panel?

Baoyuantop avatar Jun 17 '22 01:06 Baoyuantop

> Can you check the details of the request in the browser Network panel?

I don't think the problem has anything to do with browsing.

I use apisix-dashboard to upload the certificate to show the expiration time is normal. bug4

bug2

stevenlee87 avatar Jun 20 '22 06:06 stevenlee87

I meant to find this request in this panel in the browser, and observe the request payload and response data. The form component apparently received abnormal data, causing the display exception.

Baoyuantop avatar Jun 20 '22 09:06 Baoyuantop

> I meant to find this request in this panel in the browser, and observe the request payload and response data. The form component apparently received abnormal data, causing the display exception.

I looked at the data stored in the ETCD. Some fields of the certificate uploaded in script mode are missing:

{"update_time":1655720235,"cert":"-----BEGIN CERTIFICATE-----key...(omit)....\n-----END CERTIFICATE-----\n","create_time":1655367017,"snis":["imepisode.top"],"status":1,"key":"key...(omit)....","id":"10"}

The normal data is:

{"id":"10","create_time":1655367017,"update_time":1655720045,"cert":"-----BEGIN CERTIFICATE-----\nkey...(omit)....\n-----END CERTIFICATE-----\n","key":"-----BEGIN RSA PRIVATE KEY-----\r\nkey...(omit)....\r\n-----END RSA PRIVATE KEY-----\r\n","snis":["imepisode.top"],"status":1,"validity_start":1654128000,"validity_end":1661990399}

stevenlee87 avatar Jun 20 '22 10:06 stevenlee87

When I post the "validity_end" property to the server, the web is corrected.

The API didn't read the validity_end from the cert file.

zlzforever avatar Jun 26 '22 08:06 zlzforever

> When I post the "validity_end" property to the server, the web is corrected.
>
> The API didn't read the validity_end from the cert file.

That should be the problem. What version can be fixed?

stevenlee87 avatar Jun 28 '22 07:06 stevenlee87

I have no idea. Right now my workaround is to post it myself:

# Expiry timestamp: 90 days from now
validity_end=$(date +%s --date="+90 day")
# Write the private key out with openssl rsa
openssl rsa -in /data/data/letsencrypt/live/xxx/privkey.pem -out /data/data/letsencrypt/live/xxx/cert.key
# Load the certificate chain and the key into shell variables (bash read -N)
read -N 100000 cert </data/data/letsencrypt/live/xxx/fullchain.pem
read -N 100000 key </data/data/letsencrypt/live/xxx/cert.key
# Build the JSON body and POST it to the Admin API
body='{ "cert": "'$cert'", "key": "'$key'", "validity_end": '$validity_end', "snis": ["xxx.com", "*.xxx.com" ] }'
curl http://127.0.0.1/apisix/admin/ssl -H "Content-Type: application/json" -H 'X-API-KEY:' -X POST -d "$body"

zlzforever avatar Jun 28 '22 07:06 zlzforever

$validity_end is your own definition, not read from the certificate file.

stevenlee87 avatar Jun 29 '22 09:06 stevenlee87
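
An added example, not code from this thread or from APISIX: one way to take validity_start and validity_end from the certificate's own notBefore/notAfter fields instead of a fixed "+90 day", using only the Python standard library. The function names are this example's own, and the sample input is a constructed, unsigned DER skeleton whose dates were chosen to match the timestamps in the dashboard-created record quoted above.

```python
import base64
import re
from datetime import datetime, timezone

def tlv(buf, pos):
    """Return (tag, content_start, content_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf, start=0):
    while start < len(buf):
        tag, cs, ce = tlv(buf, start)
        yield tag, buf[cs:ce]
        start = ce

def to_epoch(tag, raw):
    text = raw.decode("ascii")
    if tag == 0x17:                          # UTCTime: YY >= 50 means 19YY (RFC 5280)
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    dt = datetime.strptime(text, "%Y%m%d%H%M%SZ")   # GeneralizedTime layout
    return int(dt.replace(tzinfo=timezone.utc).timestamp())

def cert_validity(pem):
    """(notBefore, notAfter) in Unix seconds for the first certificate in pem."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no PEM certificate found")
    _, cert = next(children(base64.b64decode(m.group(1))))   # Certificate SEQUENCE
    _, tbs = next(children(cert))                            # tbsCertificate SEQUENCE
    fields = [f for f in children(tbs) if f[0] != 0xA0]      # skip optional [0] version
    (t1, v1), (t2, v2) = children(fields[3][1])   # after serialNumber, signature, issuer
    return to_epoch(t1, v1), to_epoch(t2, v2)

def ssl_body(cert_pem, key_pem, snis):
    start, end = cert_validity(cert_pem)
    return {"cert": cert_pem, "key": key_pem, "snis": snis,
            "validity_start": start, "validity_end": end}

def sample_pem():
    """Constructed sample: unsigned DER skeleton, not a usable certificate."""
    der = lambda tag, body: bytes([tag, len(body)]) + body
    validity = der(0x30, der(0x17, b"220602000000Z") + der(0x17, b"220831235959Z"))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01")
              + der(0x30, b"") + der(0x30, b"") + validity)
    b64 = base64.b64encode(der(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"
```

The dictionary returned by ssl_body can be passed as the json= argument of the requests.put call in the script at the top of the issue; with a fullchain file, only the first (leaf) certificate is read.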